|
|
|
|
|
|||||||
 |
Wireless Networking - root CA expired now machine authentication broken (please help) |
|
|
Thread Tools | Search this Thread |
04-30-2009, 12:41 PM
|
#1 |
root CA expired now machine authentication broken (please help)
Recently the root CA for my domain expired on my Windows 2003 std
certificate authority. I then right clicked on the CA and clicked "renew CA certificate" with same key. Now none of my Wireless clients (all are Windows XP) are able to do machine authentication. Even if I hard wire the clients in and restart them so that they renew their certificates the machine will still not authenticate. Users however, are able to authenticate to the wireless network just fine. I have a wireless network setup in a GPO for the whole domain and the configuration is set like this. SSID: Dnet network authentication: WPA data encryption: TKIP EAP type: PEAP authenticate as computer when computer information is available: is checked and computer authentication is set to: with user re-authentication under the settings tab I have: Validate server certificate: checked connect to these servers: then I list out my ISA servers do not prompt user to authorize new servers or trusted certification authorities: checked select authentication method: secured password EAP-MSCHAP v2 enable fast reconnect: checked Does anyone have advice on what I should try next? Chris T. |
|
|
|
04-30-2009, 01:55 PM
|
#2 |
|
Posts: n/a
|
Re: root CA expired now machine authentication broken (please help)
Assume you use IAS, any errors in the Event Viewer?
-- Bob Lin, MS-MVP, MCSE & CNE Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Setup Windows, Network, VPN & Remote Access on http://www.HowToNetworking.com "Chris T." <> wrote in message news:... > Recently the root CA for my domain expired on my Windows 2003 std > certificate authority. > > > > I then right clicked on the CA and clicked "renew CA certificate" with > same key. > > > > Now none of my Wireless clients (all are Windows XP) are able to do > machine authentication. > > > > Even if I hard wire the clients in and restart them so that they renew > their certificates the machine will still not authenticate. Users however, > are able to authenticate to the wireless network just fine. > > > > > > I have a wireless network setup in a GPO for the whole domain and the > configuration is set like this. > > > > SSID: Dnet > > network authentication: WPA > > data encryption: TKIP > > EAP type: PEAP > > authenticate as computer when computer information is available: is > checked > > and computer authentication is set to: with user re-authentication > > > > under the settings tab I have: > > > > Validate server certificate: checked > > connect to these servers: then I list out my ISA servers > > do not prompt user to authorize new servers or trusted certification > authorities: checked > > select authentication method: secured password EAP-MSCHAP v2 > > enable fast reconnect: checked > > > > > > Does anyone have advice on what I should try next? > > > Bob Lin \(MS-MVP\) |
|
|
|
04-30-2009, 02:49 PM
|
#3 |
|
Posts: n/a
|
Re: root CA expired now machine authentication broken (please help)
Yes I am using IAS
what is strange is that I do not see any failed events in the system log for IAS for workstation whi-02881 I see this message under Security: Event ID 680 logon attempt by: microsoft_authentication_package_v1_0 logon account: host/whi-02881.domain.com source workstation: error code: 0xc0000064 "Bob Lin (MS-MVP)" <> wrote in message news:1867319B-0726-4E92-AEF3-... > Assume you use IAS, any errors in the Event Viewer? > > -- > Bob Lin, MS-MVP, MCSE & CNE > Networking, Internet, Routing, VPN Troubleshooting on > http://www.ChicagoTech.net > How to Setup Windows, Network, VPN & Remote Access on > http://www.HowToNetworking.com > > > "Chris T." <> wrote in message > news:... >> Recently the root CA for my domain expired on my Windows 2003 std >> certificate authority. >> >> >> >> I then right clicked on the CA and clicked "renew CA certificate" with >> same key. >> >> >> >> Now none of my Wireless clients (all are Windows XP) are able to do >> machine authentication. >> >> >> >> Even if I hard wire the clients in and restart them so that they renew >> their certificates the machine will still not authenticate. Users >> however, are able to authenticate to the wireless network just fine. >> >> >> >> >> >> I have a wireless network setup in a GPO for the whole domain and the >> configuration is set like this. >> >> >> >> SSID: Dnet >> >> network authentication: WPA >> >> data encryption: TKIP >> >> EAP type: PEAP >> >> authenticate as computer when computer information is available: is >> checked >> >> and computer authentication is set to: with user re-authentication >> >> >> >> under the settings tab I have: >> >> >> >> Validate server certificate: checked >> >> connect to these servers: then I list out my ISA servers >> >> do not prompt user to authorize new servers or trusted certification >> authorities: checked >> >> select authentication method: secured password EAP-MSCHAP v2 >> >> enable fast reconnect: checked >> >> >> >> >> >> Does anyone have advice on what I should try next? >> >> >> > Chris T. |
|
|
|
| Thread Tools | Search this Thread |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| pcAnywhere and Brother fax machine on same phoen line | bem522 | Software | 0 | 07-20-2007 04:20 PM |
| Expired passwords for user accounts | BuRinger7a | MCTS | 0 | 04-20-2007 02:46 AM |
| Re: Can't login to XP Pro machine | jjw | A+ Certification | 2 | 10-19-2004 12:36 AM |
| Re: Can't login to XP Pro machine | Solomon Kozanski | A+ Certification | 5 | 09-25-2004 05:24 PM |
| Re: Can't login to XP Pro machine | Gary | A+ Certification | 3 | 09-22-2004 10:17 PM |
